Play interactive tour

Edit tour

Analysis Report https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog/

Overview

General Information

Sample URL:	https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog/
Analysis ID:	342309
Most interesting Screenshot:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Startup

System is w10x64

chrome.exe (PID: 2336 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized 'https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog/' MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 3840 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1592,12015147807118827427,5452090638365643604,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1636 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Compliance:

Creates a directory in C:\Program Files

Show sources

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Uses secure TLS version for HTTPS connections

Show sources

Source: unknown	HTTPS traffic detected: 52.19.133.54:443 -> 192.168.2.3:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.76.87.20:443 -> 192.168.2.3:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.57.31.206:443 -> 192.168.2.3:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.57.31.206:443 -> 192.168.2.3:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.228.74.133:443 -> 192.168.2.3:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.63.145.5:443 -> 192.168.2.3:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.208.234.189:443 -> 192.168.2.3:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 146.171.248.36:443 -> 192.168.2.3:49824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 146.171.248.36:443 -> 192.168.2.3:49825 version: TLS 1.2

Networking:

Source: Cookies.1.dr	String found in binary or memory: .www.linkedin.combscookie/ equals www.linkedin.com (Linkedin)
Source: Cookies.1.dr	String found in binary or memory: .www.linkedin.combscookie//Q] equals www.linkedin.com (Linkedin)

Source: unknown

DNS traffic detected: queries for: tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog

Source: 77EC63BDA74BD0D0E0426DC8F8008506.1.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: Current Session.0.dr	String found in binary or memory: https://8015196.fls.doubleclick.net
Source: Current Session.0.dr	String found in binary or memory: https://8015196.fls.doubleclick.net/activityi;dc_pre=CJKhpYaRq-4CFdHmuwgdF64BiA;src=8015196;type=sit
Source: Current Session.0.dr	String found in binary or memory: https://8015196.fls.doubleclick.net/ddm/fls/r/dc_pre=CJKhpYaRq-4CFdHmuwgdF64BiA;src=8015196;type=sit
Source: Current Session.0.dr	String found in binary or memory: https://8015196.fls.doubleclick.netJBhttps://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.g
Source: a594d90f-69bf-4676-bfc8-3590d35c1b1a.tmp.1.dr, c7dfd85b-8205-4113-969e-70dfd46d60b7.tmp.1.dr	String found in binary or memory: https://accounts.google.com
Source: 6b23593b175be890_0.0.dr	String found in binary or memory: https://ad.doubleclick.net/ddm/adj/N700316.197812NSO.CODESRV/B20295767.205245490;sz=1x2;ord=19722775
Source: Current Session.0.dr	String found in binary or memory: https://adservice.google.com
Source: Current Session.0.dr	String found in binary or memory: https://adservice.google.com/ddm/fls/i/dc_pre=CJKhpYaRq-4CFdHmuwgdF64BiA;src=8015196;type=sitew0;cat
Source: a594d90f-69bf-4676-bfc8-3590d35c1b1a.tmp.1.dr, c7dfd85b-8205-4113-969e-70dfd46d60b7.tmp.1.dr	String found in binary or memory: https://apis.google.com
Source: a594d90f-69bf-4676-bfc8-3590d35c1b1a.tmp.1.dr, c7dfd85b-8205-4113-969e-70dfd46d60b7.tmp.1.dr	String found in binary or memory: https://clients2.google.com
Source: a594d90f-69bf-4676-bfc8-3590d35c1b1a.tmp.1.dr, c7dfd85b-8205-4113-969e-70dfd46d60b7.tmp.1.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: 47dec20af7cca857_0.0.dr	String found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
Source: 61e4634241f9541d_0.0.dr	String found in binary or memory: https://connect.facebook.net/signals/config/134249707157074?v=2.9.33&r=stable
Source: 8d9af317c4b836a5_0.0.dr	String found in binary or memory: https://d2oh4tlt9mrke9.cloudfront.net/Record/js/sessioncam.recorder.js
Source: bc8bc26c-0edd-486d-a015-c6c9766df389.tmp.1.dr, a594d90f-69bf-4676-bfc8-3590d35c1b1a.tmp.1.dr, ab54a9d3-15c2-4ef8-9955-0df9947e65cb.tmp.1.dr, c7dfd85b-8205-4113-969e-70dfd46d60b7.tmp.1.dr	String found in binary or memory: https://dns.google
Source: bd2a7ecea3be0853_0.0.dr	String found in binary or memory: https://doubleclick.net/
Source: a594d90f-69bf-4676-bfc8-3590d35c1b1a.tmp.1.dr, c7dfd85b-8205-4113-969e-70dfd46d60b7.tmp.1.dr	String found in binary or memory: https://fonts.googleapis.com
Source: a594d90f-69bf-4676-bfc8-3590d35c1b1a.tmp.1.dr, c7dfd85b-8205-4113-969e-70dfd46d60b7.tmp.1.dr	String found in binary or memory: https://fonts.gstatic.com
Source: 0bfb1a50b792377a_0.0.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/viewthroughconversion/979185687/?random=1611199468724&cv=
Source: a594d90f-69bf-4676-bfc8-3590d35c1b1a.tmp.1.dr, c7dfd85b-8205-4113-969e-70dfd46d60b7.tmp.1.dr	String found in binary or memory: https://ogs.google.com
Source: 93801eaeb49cb205_0.0.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/r20210113/r20110914/elements/html/omrhp.js
Source: a594d90f-69bf-4676-bfc8-3590d35c1b1a.tmp.1.dr, c7dfd85b-8205-4113-969e-70dfd46d60b7.tmp.1.dr	String found in binary or memory: https://play.google.com
Source: a5df18d76cc55c34_0.0.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: bd2a7ecea3be0853_0.0.dr	String found in binary or memory: https://rules.quantcount.com/rules-p-Jj-dsf1RefZer.js
Source: 87036b8100634b72_0.0.dr	String found in binary or memory: https://secure.quantserve.com/quant.js
Source: Current Session.0.dr	String found in binary or memory: https://servedby.flashtalking.com/container/7487;52295;5663;iframe/?U1=undefined&U2=undefined&U3=und
Source: adbe09887b56b9f7_0.0.dr	String found in binary or memory: https://snap.licdn.com/li.lms-analytics/insight.min.js
Source: 250127563fdf82d9_0.0.dr	String found in binary or memory: https://spark-track.inside-graph.com/gtm/IN-1000260/include.js
Source: cf4e4ce2f684870b_0.0.dr	String found in binary or memory: https://spark-track.inside-graph.com/ig.js
Source: a594d90f-69bf-4676-bfc8-3590d35c1b1a.tmp.1.dr, c7dfd85b-8205-4113-969e-70dfd46d60b7.tmp.1.dr	String found in binary or memory: https://ssl.gstatic.com
Source: 8f55c266ff3844ba_0.0.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: a5df18d76cc55c34_0.0.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: 172dd31f832669c2_0.0.dr, 48fd86897158dd45_0.0.dr, e6a898fbbb7936af_0.0.dr, 0bfb1a50b792377a_0.0.dr, f96406cc3b6664fb_0.0.dr	String found in binary or memory: https://translate.goog/
Source: 9a0b15f197ea8065_0.0.dr	String found in binary or memory: https://translate.goog/8
Source: 93d183b5c552dedd_0.0.dr	String found in binary or memory: https://translate.goog/K
Source: bf31fe0f587e6b42_0.0.dr	String found in binary or memory: https://translate.goog/Q
Source: cf4e4ce2f684870b_0.0.dr	String found in binary or memory: https://translate.goog/d&
Source: 8d9af317c4b836a5_0.0.dr	String found in binary or memory: https://translate.goog/h:r
Source: f4841e1a7c598ca6_0.0.dr	String found in binary or memory: https://translate.goog/tY
Source: a3a6faa4a8999070_0.0.dr	String found in binary or memory: https://translate.goog/z%
Source: 771b0700dd55e789_0.0.dr	String found in binary or memory: https://translate.google.com/translate_a/element.js?cb=gtElInit&client=wt
Source: Current Session.0.dr	String found in binary or memory: https://translate.google.com/translate_un?sl=en&tl=zh-CN&u=https://www.spark.co.nz/&usg=ALkJrhgZqZAp
Source: 9a0b15f197ea8065_0.0.dr	String found in binary or memory: https://translate.googleapis.com/element/TE_20201130_00/e/js/element/element_main.js
Source: 5dc9d4e78f5bf235_0.0.dr	String found in binary or memory: https://translate.googleapis.com/translate_static/js/element/main.js
Source: Current Session.0.dr	String found in binary or memory: https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog
Source: Current Session.0.dr, 000003.log0.0.dr, History.0.dr	String found in binary or memory: https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog/
Source: Current Session.0.dr	String found in binary or memory: https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog/1New
Source: Current Session.0.dr	String found in binary or memory: https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog/7o
Source: History-journal.0.dr	String found in binary or memory: https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog/New
Source: Current Session.0.dr	String found in binary or memory: https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.googh
Source: Current Session.0.dr	String found in binary or memory: https://www.everestjs.net/static/pixel_details.html#google=YAh1YwAABUIZxCtp&gsurfer=YAh1YwAABUIZxCtp
Source: e6a898fbbb7936af_0.0.dr	String found in binary or memory: https://www.everestjs.net/static/st.v3.js
Source: 6ef9f71484a8ba64_0.0.dr, 8f55c266ff3844ba_0.0.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: 8f55c266ff3844ba_0.0.dr	String found in binary or memory: https://www.google-analytics.com/analytics.jsaD
Source: a594d90f-69bf-4676-bfc8-3590d35c1b1a.tmp.1.dr, c7dfd85b-8205-4113-969e-70dfd46d60b7.tmp.1.dr	String found in binary or memory: https://www.google.com
Source: a5df18d76cc55c34_0.0.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: da863bd2da13aa6c_0.0.dr	String found in binary or memory: https://www.googleadservices.com/pagead/conversion/971021318/?random=1611199468715&cv=9&fst=16111994
Source: 79724d7411ed81f8_0.0.dr	String found in binary or memory: https://www.googleadservices.com/pagead/conversion_async.js
Source: 79724d7411ed81f8_0.0.dr	String found in binary or memory: https://www.googleadservices.com/pagead/conversion_async.jsaD
Source: a594d90f-69bf-4676-bfc8-3590d35c1b1a.tmp.1.dr, c7dfd85b-8205-4113-969e-70dfd46d60b7.tmp.1.dr	String found in binary or memory: https://www.googleapis.com
Source: 93d183b5c552dedd_0.0.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-48213762-2&l=dataLayer
Source: 172dd31f832669c2_0.0.dr	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=GTM-WT5NVL
Source: 479068813262005f_0.0.dr	String found in binary or memory: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Source: a594d90f-69bf-4676-bfc8-3590d35c1b1a.tmp.1.dr, c7dfd85b-8205-4113-969e-70dfd46d60b7.tmp.1.dr	String found in binary or memory: https://www.gstatic.com
Source: e18ac1949605c07c_0.0.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/_KUxfxvAoJ4k7SaKyLbja4Mi/recaptcha__en.js
Source: a5df18d76cc55c34_0.0.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/_KUxfxvAoJ4k7SaKyLbja4Mi/recaptcha__en.jsa
Source: a5df18d76cc55c34_0.0.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/_KUxfxvAoJ4k7SaKyLbja4Mi/recaptcha__en.jsaD
Source: bf31fe0f587e6b42_0.0.dr	String found in binary or memory: https://www.spark.co.nz/content/dam/kb/public/libs/gwc-config.js
Source: fc29a866432da53a_0.0.dr	String found in binary or memory: https://www.spark.co.nz/content/dam/kb/public/libs/gwc-core.js
Source: d30fc376c455885a_0.0.dr	String found in binary or memory: https://www.spark.co.nz/content/dam/kb/public/libs/gwc-extend.js
Source: fbf923d1d88375e9_0.0.dr	String found in binary or memory: https://www.spark.co.nz/content/dam/kb/public/libs/gwc-i18n.js
Source: 48fd86897158dd45_0.0.dr	String found in binary or memory: https://www.spark.co.nz/content/dam/kb/public/libs/gwc.js
Source: 642b8852a6320f23_0.0.dr	String found in binary or memory: https://www.spark.co.nz/content/dam/kb/public/libs/widgets.min.js
Source: 2cb4290a205d5a4a_0.0.dr	String found in binary or memory: https://www.spark.co.nz/content/dam/telecomcms/dtm/3ab3370ddaf0/bc5880d35c57/4db2e0cdbd4d/EX8471dbbf
Source: b7f216b600de166a_0.0.dr	String found in binary or memory: https://www.spark.co.nz/content/dam/telecomcms/dtm/3ab3370ddaf0/bc5880d35c57/4db2e0cdbd4d/RC87ec4858
Source: 983819d23cf8e8eb_0.0.dr	String found in binary or memory: https://www.spark.co.nz/content/dam/telecomcms/dtm/3ab3370ddaf0/bc5880d35c57/4db2e0cdbd4d/hostedLibF
Source: a3a6faa4a8999070_0.0.dr	String found in binary or memory: https://www.spark.co.nz/content/dam/telecomcms/dtm/3ab3370ddaf0/bc5880d35c57/launch-4c20c4466aca.min
Source: 4d702a630beffd81_0.0.dr	String found in binary or memory: https://www.spark.co.nz/content/dam/telecomcms/js/outage-map/network_banner_data.js
Source: 6410707a8cc2264f_0.0.dr	String found in binary or memory: https://www.spark.co.nz/content/dam/telecomcms/livechat/chat-widget-target-pages.js
Source: b2884e403d688bd1_0.0.dr	String found in binary or memory: https://www.spark.co.nz/etc.clientlibs/clientlibs/granite/jquery.js
Source: f549b40e56ed69ec_0.0.dr	String found in binary or memory: https://www.spark.co.nz/etc.clientlibs/clientlibs/granite/jquery/granite.js
Source: f96406cc3b6664fb_0.0.dr	String found in binary or memory: https://www.spark.co.nz/etc.clientlibs/clientlibs/granite/lodash/modern.js
Source: a2ece3c35496c063_0.0.dr	String found in binary or memory: https://www.spark.co.nz/etc.clientlibs/clientlibs/granite/utils.js
Source: 0917b26c32fe984f_0.0.dr	String found in binary or memory: https://www.spark.co.nz/etc.clientlibs/foundation/clientlibs/main.js
Source: b4c9613f6068be0f_0.0.dr	String found in binary or memory: https://www.spark.co.nz/etc.clientlibs/foundation/clientlibs/shared.js
Source: 61aa7cab509f8138_0.0.dr	String found in binary or memory: https://www.spark.co.nz/etc/designs/base-frontend/clientlib-react.js
Source: 48e0fed527618827_0.0.dr	String found in binary or memory: https://www.spark.co.nz/etc/designs/onespark/clientlib-all.js
Source: 45fff383de49869d_0.0.dr	String found in binary or memory: https://www.spark.co.nz/etc/designs/onespark/clientlib-sparkv2.js
Source: f4841e1a7c598ca6_0.0.dr	String found in binary or memory: https://www.spark.co.nz/etc/designs/spark-broadband-experience/clientlib-reactjs.js
Source: 015cbb816784c656_0.0.dr	String found in binary or memory: https://www.spark.co.nz/etc/designs/spark-responsive/clientlib-forms.js
Source: 4f2c20c31a3c3655_0.0.dr	String found in binary or memory: https://www.spark.co.nz/etc/designs/spark-responsive/clientlib-reactjs.js
Source: 44c90d4def7a7a7c_0.0.dr	String found in binary or memory: https://www.spark.co.nz/etc/designs/sparklabs/clientlib-all.js
Source: Current Session.0.dr	String found in binary or memory: https://www.spark.co.nz/search
Source: 1e4cec8273b744fc_0.0.dr	String found in binary or memory: https://www.staticcdn.co.nz/m87/k33spt.js

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866

Source: unknown	HTTPS traffic detected: 52.19.133.54:443 -> 192.168.2.3:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.76.87.20:443 -> 192.168.2.3:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.57.31.206:443 -> 192.168.2.3:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 50.57.31.206:443 -> 192.168.2.3:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 91.228.74.133:443 -> 192.168.2.3:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.63.145.5:443 -> 192.168.2.3:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.208.234.189:443 -> 192.168.2.3:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 146.171.248.36:443 -> 192.168.2.3:49824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 146.171.248.36:443 -> 192.168.2.3:49825 version: TLS 1.2

System Summary:

Source: classification engine

Classification label: clean0.win@19/94@36/27

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-6008F3D9-920.pma

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized 'https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog/'
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1592,12015147807118827427,5452090638365643604,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1636 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1592,12015147807118827427,5452090638365643604,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1636 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading3	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog/	0%	Virustotal		Browse
https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog/	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
4c60a0a94672.o3n.io	0%	Virustotal		Browse
www.google.co.uk	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog/New	0%	Avira URL Cloud	safe
https://www.spark.co.nz/content/dam/kb/public/libs/widgets.min.js	0%	Avira URL Cloud	safe
https://www.spark.co.nz/etc/designs/onespark/clientlib-all.js	0%	Avira URL Cloud	safe
https://www.spark.co.nz/etc/designs/spark-responsive/clientlib-forms.js	0%	Avira URL Cloud	safe
https://translate.goog/h:r	0%	Avira URL Cloud	safe
https://www.spark.co.nz/content/dam/kb/public/libs/gwc.js	0%	Avira URL Cloud	safe
https://8015196.fls.doubleclick.netJBhttps://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.g	0%	Avira URL Cloud	safe
https://www.spark.co.nz/content/dam/telecomcms/livechat/chat-widget-target-pages.js	0%	Avira URL Cloud	safe
https://spark-track.inside-graph.com/ig.js	0%	Avira URL Cloud	safe
https://www.staticcdn.co.nz/m87/k33spt.js	0%	Avira URL Cloud	safe
https://www.spark.co.nz/etc.clientlibs/clientlibs/granite/jquery/granite.js	0%	Avira URL Cloud	safe
https://translate.goog/tY	0%	Avira URL Cloud	safe
https://www.spark.co.nz/etc/designs/spark-responsive/clientlib-reactjs.js	0%	Avira URL Cloud	safe
https://translate.goog/z%	0%	Avira URL Cloud	safe
https://www.spark.co.nz/search	0%	Avira URL Cloud	safe
https://www.spark.co.nz/etc.clientlibs/clientlibs/granite/jquery.js	0%	Avira URL Cloud	safe
https://www.spark.co.nz/etc.clientlibs/foundation/clientlibs/shared.js	0%	Avira URL Cloud	safe
https://translate.goog/Q	0%	Avira URL Cloud	safe
https://www.spark.co.nz/content/dam/telecomcms/js/outage-map/network_banner_data.js	0%	Avira URL Cloud	safe
https://www.spark.co.nz/etc/designs/base-frontend/clientlib-react.js	0%	Avira URL Cloud	safe
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://translate.goog/d&	0%	Avira URL Cloud	safe
https://www.spark.co.nz/etc.clientlibs/foundation/clientlibs/main.js	0%	Avira URL Cloud	safe
https://www.spark.co.nz/etc.clientlibs/clientlibs/granite/lodash/modern.js	0%	Avira URL Cloud	safe
https://www.spark.co.nz/content/dam/telecomcms/dtm/3ab3370ddaf0/bc5880d35c57/launch-4c20c4466aca.min	0%	Avira URL Cloud	safe
https://translate.goog/	0%	Avira URL Cloud	safe
https://www.spark.co.nz/etc.clientlibs/clientlibs/granite/utils.js	0%	Avira URL Cloud	safe
https://www.spark.co.nz/etc/designs/sparklabs/clientlib-all.js	0%	Avira URL Cloud	safe
https://translate.goog/K	0%	Avira URL Cloud	safe
https://rules.quantcount.com/rules-p-Jj-dsf1RefZer.js	0%	Avira URL Cloud	safe
https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog/7o	0%	Avira URL Cloud	safe
https://translate.goog/8	0%	Avira URL Cloud	safe
https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog/1New	0%	Avira URL Cloud	safe
https://www.spark.co.nz/content/dam/kb/public/libs/gwc-i18n.js	0%	Avira URL Cloud	safe
https://www.spark.co.nz/content/dam/kb/public/libs/gwc-extend.js	0%	Avira URL Cloud	safe
https://www.spark.co.nz/content/dam/telecomcms/dtm/3ab3370ddaf0/bc5880d35c57/4db2e0cdbd4d/EX8471dbbf	0%	Avira URL Cloud	safe
https://spark-track.inside-graph.com/gtm/IN-1000260/include.js	0%	Avira URL Cloud	safe
https://www.spark.co.nz/content/dam/telecomcms/dtm/3ab3370ddaf0/bc5880d35c57/4db2e0cdbd4d/RC87ec4858	0%	Avira URL Cloud	safe
https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.googh	0%	Avira URL Cloud	safe
https://www.spark.co.nz/content/dam/telecomcms/dtm/3ab3370ddaf0/bc5880d35c57/4db2e0cdbd4d/hostedLibF	0%	Avira URL Cloud	safe
https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog	0%	Avira URL Cloud	safe
https://www.spark.co.nz/content/dam/kb/public/libs/gwc-config.js	0%	Avira URL Cloud	safe
https://www.spark.co.nz/content/dam/kb/public/libs/gwc-core.js	0%	Avira URL Cloud	safe
https://www.spark.co.nz/etc/designs/onespark/clientlib-sparkv2.js	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
4c60a0a94672.o3n.io	54.76.87.20	true	false	0%, Virustotal, Browse	unknown
star-mini.c10r.facebook.com	185.60.216.35	true	false		high
dart.l.doubleclick.net	172.217.20.230	true	false		high
pagead46.l.doubleclick.net	172.217.20.226	true	false		high
tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog	172.217.22.193	true	false		unknown
d2fashanjl7d9f.cloudfront.net	13.226.169.38	true	false		high
stats.l.doubleclick.net	108.177.15.154	true	false		high
d3f5l8ze0o4j2m.cloudfront.net	13.226.175.210	true	false		high
global.px.quantserve.com	91.228.74.133	true	false		high
recording-elb-2-1543527570.us-east-1.elb.amazonaws.com	3.208.234.189	true	false		high
scontent.xx.fbcdn.net	31.13.92.14	true	false		high
spark.co.nz.ssl.sc.omtrdc.net	15.237.76.117	true	false		unknown
d2oh4tlt9mrke9.cloudfront.net	143.204.15.91	true	false		high
pagead.l.doubleclick.net	172.217.20.226	true	false		high
www.google.co.uk	172.217.23.35	true	false	0%, Virustotal, Browse	unknown
www.spark.co.nz	146.171.248.36	true	false		unknown
atlas.c10r.facebook.com	31.13.92.2	true	false		high
sparknewzealandtradi.tt.omtrdc.net	52.19.133.54	true	false		unknown
pop-efr5.mix.linkedin.com	185.63.145.5	true	false		high
googlehosted.l.googleusercontent.com	172.217.23.1	true	false		high
spark-live.inside-graph.com	13.54.252.238	true	false		unknown
uipus.semasio.net	50.57.31.206	true	false		high
www.staticcdn.co.nz	13.226.169.14	true	false		unknown
www.googletagservices.com	unknown	unknown	false		high
sanalytics.spark.co.nz	unknown	unknown	false		unknown
pixel.everesttech.net	unknown	unknown	false		high
cm.everesttech.net	unknown	unknown	false		high
adservice.google.co.uk	unknown	unknown	false		unknown
rules.quantcount.com	unknown	unknown	false		unknown
stats.g.doubleclick.net	unknown	unknown	false		high
clients2.googleusercontent.com	unknown	unknown	false		high
cm.g.doubleclick.net	unknown	unknown	false		high
servedby.flashtalking.com	unknown	unknown	false		high
www.facebook.com	unknown	unknown	false		high
googleads4.g.doubleclick.net	unknown	unknown	false		high
cx.atdmt.com	unknown	unknown	false		high
ad.doubleclick.net	unknown	unknown	false		high
ws.sessioncam.com	unknown	unknown	false		high
www.linkedin.com	unknown	unknown	false		high
secure.quantserve.com	unknown	unknown	false		high
8015196.fls.doubleclick.net	unknown	unknown	false		high
pixel.quantserve.com	unknown	unknown	false		high
connect.facebook.net	unknown	unknown	false		high
px.ads.linkedin.com	unknown	unknown	false		high
www.everestjs.net	unknown	unknown	false		high
googleads.g.doubleclick.net	unknown	unknown	false		high
snap.licdn.com	unknown	unknown	false		high
spark-track.inside-graph.com	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Reputation
https://8015196.fls.doubleclick.net/activityi;dc_pre=CJKhpYaRq-4CFdHmuwgdF64BiA;src=8015196;type=sitew0;cat=1spar0;ord=1943886707860;gtm=2wg161;auiddc=736513491.1611199467;u1=https%3A%2F%2Ftzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog%2F;u2=;u10=false;u11=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855;u15=https%3A%2F%2Ftzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog%2F;~oref=https%3A%2F%2Ftzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog%2F?	false	high
https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog/	false	unknown
https://servedby.flashtalking.com/container/7487;52295;5663;iframe/?U1=undefined&U2=undefined&U3=undefined&U5=undefined&U10=false&ft_referrer=https%3A//tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog/&ns=&cb=517370.09688144655	false	high
https://8015196.fls.doubleclick.net/ddm/fls/r/dc_pre=CJKhpYaRq-4CFdHmuwgdF64BiA;src=8015196;type=sitew0;cat=1spar0;ord=1943886707860;gtm=2wg161;auiddc=736513491.1611199467;u1=https%3A%2F%2Ftzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog%2F;u2=;u10=false;u11=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855;u15=https%3A%2F%2Ftzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog%2F;~oref=https%3A%2F%2Ftzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog%2F	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog/New	History-journal.0.dr	false	Avira URL Cloud: safe	unknown
https://www.spark.co.nz/content/dam/kb/public/libs/widgets.min.js	642b8852a6320f23_0.0.dr	false	Avira URL Cloud: safe	unknown
https://www.spark.co.nz/etc/designs/onespark/clientlib-all.js	48e0fed527618827_0.0.dr	false	Avira URL Cloud: safe	unknown
https://www.spark.co.nz/etc/designs/spark-responsive/clientlib-forms.js	015cbb816784c656_0.0.dr	false	Avira URL Cloud: safe	unknown
https://doubleclick.net/	bd2a7ecea3be0853_0.0.dr	false		high
https://www.everestjs.net/static/st.v3.js	e6a898fbbb7936af_0.0.dr	false		high
https://servedby.flashtalking.com/container/7487;52295;5663;iframe/?U1=undefined&U2=undefined&U3=und	Current Session.0.dr	false		high
https://translate.goog/h:r	8d9af317c4b836a5_0.0.dr	false	Avira URL Cloud: safe	unknown
https://www.spark.co.nz/content/dam/kb/public/libs/gwc.js	48fd86897158dd45_0.0.dr	false	Avira URL Cloud: safe	unknown
https://8015196.fls.doubleclick.netJBhttps://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.g	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://www.spark.co.nz/content/dam/telecomcms/livechat/chat-widget-target-pages.js	6410707a8cc2264f_0.0.dr	false	Avira URL Cloud: safe	unknown
https://spark-track.inside-graph.com/ig.js	cf4e4ce2f684870b_0.0.dr	false	Avira URL Cloud: safe	unknown
https://www.staticcdn.co.nz/m87/k33spt.js	1e4cec8273b744fc_0.0.dr	false	Avira URL Cloud: safe	unknown
https://www.spark.co.nz/etc.clientlibs/clientlibs/granite/jquery/granite.js	f549b40e56ed69ec_0.0.dr	false	Avira URL Cloud: safe	unknown
https://translate.goog/tY	f4841e1a7c598ca6_0.0.dr	false	Avira URL Cloud: safe	unknown
https://www.spark.co.nz/etc/designs/spark-responsive/clientlib-reactjs.js	4f2c20c31a3c3655_0.0.dr	false	Avira URL Cloud: safe	unknown
https://connect.facebook.net/en_US/fbevents.js	47dec20af7cca857_0.0.dr	false		high
https://translate.goog/z%	a3a6faa4a8999070_0.0.dr	false	Avira URL Cloud: safe	unknown
https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog/	Current Session.0.dr, 000003.log0.0.dr, History.0.dr	false		unknown
https://www.spark.co.nz/search	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://connect.facebook.net/signals/config/134249707157074?v=2.9.33&r=stable	61e4634241f9541d_0.0.dr	false		high
https://stats.g.doubleclick.net/j/collect	8f55c266ff3844ba_0.0.dr	false		high
https://ad.doubleclick.net/ddm/adj/N700316.197812NSO.CODESRV/B20295767.205245490;sz=1x2;ord=19722775	6b23593b175be890_0.0.dr	false		high
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914	479068813262005f_0.0.dr	false		high
https://www.spark.co.nz/etc.clientlibs/clientlibs/granite/jquery.js	b2884e403d688bd1_0.0.dr	false	Avira URL Cloud: safe	unknown
https://www.spark.co.nz/etc.clientlibs/foundation/clientlibs/shared.js	b4c9613f6068be0f_0.0.dr	false	Avira URL Cloud: safe	unknown
https://8015196.fls.doubleclick.net/activityi;dc_pre=CJKhpYaRq-4CFdHmuwgdF64BiA;src=8015196;type=sit	Current Session.0.dr	false		high
https://translate.goog/Q	bf31fe0f587e6b42_0.0.dr	false	Avira URL Cloud: safe	unknown
https://www.spark.co.nz/content/dam/telecomcms/js/outage-map/network_banner_data.js	4d702a630beffd81_0.0.dr	false	Avira URL Cloud: safe	unknown
https://www.spark.co.nz/etc/designs/base-frontend/clientlib-react.js	61aa7cab509f8138_0.0.dr	false	Avira URL Cloud: safe	unknown
https://dns.google	bc8bc26c-0edd-486d-a015-c6c9766df389.tmp.1.dr, a594d90f-69bf-4676-bfc8-3590d35c1b1a.tmp.1.dr, ab54a9d3-15c2-4ef8-9955-0df9947e65cb.tmp.1.dr, c7dfd85b-8205-4113-969e-70dfd46d60b7.tmp.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://translate.goog/d&	cf4e4ce2f684870b_0.0.dr	false	Avira URL Cloud: safe	unknown
https://www.spark.co.nz/etc.clientlibs/foundation/clientlibs/main.js	0917b26c32fe984f_0.0.dr	false	Avira URL Cloud: safe	unknown
https://www.everestjs.net/static/pixel_details.html#google=YAh1YwAABUIZxCtp&gsurfer=YAh1YwAABUIZxCtp	Current Session.0.dr	false		high
https://www.spark.co.nz/etc.clientlibs/clientlibs/granite/lodash/modern.js	f96406cc3b6664fb_0.0.dr	false	Avira URL Cloud: safe	unknown
https://secure.quantserve.com/quant.js	87036b8100634b72_0.0.dr	false		high
https://www.spark.co.nz/content/dam/telecomcms/dtm/3ab3370ddaf0/bc5880d35c57/launch-4c20c4466aca.min	a3a6faa4a8999070_0.0.dr	false	Avira URL Cloud: safe	unknown
https://translate.goog/	172dd31f832669c2_0.0.dr, 48fd86897158dd45_0.0.dr, e6a898fbbb7936af_0.0.dr, 0bfb1a50b792377a_0.0.dr, f96406cc3b6664fb_0.0.dr	false	Avira URL Cloud: safe	unknown
https://8015196.fls.doubleclick.net/ddm/fls/r/dc_pre=CJKhpYaRq-4CFdHmuwgdF64BiA;src=8015196;type=sit	Current Session.0.dr	false		high
https://www.spark.co.nz/etc.clientlibs/clientlibs/granite/utils.js	a2ece3c35496c063_0.0.dr	false	Avira URL Cloud: safe	unknown
https://www.spark.co.nz/etc/designs/sparklabs/clientlib-all.js	44c90d4def7a7a7c_0.0.dr	false	Avira URL Cloud: safe	unknown
https://translate.goog/K	93d183b5c552dedd_0.0.dr	false	Avira URL Cloud: safe	unknown
https://d2oh4tlt9mrke9.cloudfront.net/Record/js/sessioncam.recorder.js	8d9af317c4b836a5_0.0.dr	false		high
https://rules.quantcount.com/rules-p-Jj-dsf1RefZer.js	bd2a7ecea3be0853_0.0.dr	false	Avira URL Cloud: safe	unknown
https://snap.licdn.com/li.lms-analytics/insight.min.js	adbe09887b56b9f7_0.0.dr	false		high
https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog/7o	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://translate.goog/8	9a0b15f197ea8065_0.0.dr	false	Avira URL Cloud: safe	unknown
https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog/1New	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://www.spark.co.nz/content/dam/kb/public/libs/gwc-i18n.js	fbf923d1d88375e9_0.0.dr	false	Avira URL Cloud: safe	unknown
https://www.spark.co.nz/content/dam/kb/public/libs/gwc-extend.js	d30fc376c455885a_0.0.dr	false	Avira URL Cloud: safe	unknown
https://www.spark.co.nz/content/dam/telecomcms/dtm/3ab3370ddaf0/bc5880d35c57/4db2e0cdbd4d/EX8471dbbf	2cb4290a205d5a4a_0.0.dr	false	Avira URL Cloud: safe	unknown
https://spark-track.inside-graph.com/gtm/IN-1000260/include.js	250127563fdf82d9_0.0.dr	false	Avira URL Cloud: safe	unknown
https://www.spark.co.nz/content/dam/telecomcms/dtm/3ab3370ddaf0/bc5880d35c57/4db2e0cdbd4d/RC87ec4858	b7f216b600de166a_0.0.dr	false	Avira URL Cloud: safe	unknown
https://clients2.googleusercontent.com	a594d90f-69bf-4676-bfc8-3590d35c1b1a.tmp.1.dr, c7dfd85b-8205-4113-969e-70dfd46d60b7.tmp.1.dr	false		high
https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.googh	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://www.spark.co.nz/content/dam/telecomcms/dtm/3ab3370ddaf0/bc5880d35c57/4db2e0cdbd4d/hostedLibF	983819d23cf8e8eb_0.0.dr	false	Avira URL Cloud: safe	unknown
https://8015196.fls.doubleclick.net	Current Session.0.dr	false		high
https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://www.spark.co.nz/content/dam/kb/public/libs/gwc-config.js	bf31fe0f587e6b42_0.0.dr	false	Avira URL Cloud: safe	unknown
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/979185687/?random=1611199468724&cv=	0bfb1a50b792377a_0.0.dr	false		high
https://www.spark.co.nz/content/dam/kb/public/libs/gwc-core.js	fc29a866432da53a_0.0.dr	false	Avira URL Cloud: safe	unknown
https://www.spark.co.nz/etc/designs/onespark/clientlib-sparkv2.js	45fff383de49869d_0.0.dr	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
108.177.15.154	unknown	United States	15169	GOOGLEUS	false
54.76.87.20	unknown	United States	16509	AMAZON-02US	false
31.13.92.14	unknown	Ireland	32934	FACEBOOKUS	false
52.19.133.54	unknown	United States	16509	AMAZON-02US	false
13.54.252.238	unknown	United States	16509	AMAZON-02US	false
172.217.23.35	unknown	United States	15169	GOOGLEUS	false
172.217.23.34	unknown	United States	15169	GOOGLEUS	false
146.171.248.36	unknown	New Zealand	2570	TAS-SPARK-NZSparkNewZealandTradingLtdNZ	false
172.217.20.226	unknown	United States	15169	GOOGLEUS	false
13.226.175.210	unknown	United States	16509	AMAZON-02US	false
91.228.74.133	unknown	United Kingdom	27281	QUANTCASTUS	false
185.63.145.5	unknown	United States	14413	LINKEDINUS	false
172.217.22.193	unknown	United States	15169	GOOGLEUS	false
185.60.216.35	unknown	Ireland	32934	FACEBOOKUS	false
216.58.207.162	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.23.66	unknown	United States	15169	GOOGLEUS	false
13.226.169.14	unknown	United States	16509	AMAZON-02US	false
50.57.31.206	unknown	United States	19994	RACKSPACEUS	false
31.13.92.2	unknown	Ireland	32934	FACEBOOKUS	false
172.217.20.230	unknown	United States	15169	GOOGLEUS	false
13.226.169.38	unknown	United States	16509	AMAZON-02US	false
15.237.76.117	unknown	United States	16509	AMAZON-02US	false
143.204.15.91	unknown	United States	16509	AMAZON-02US	false
3.208.234.189	unknown	United States	14618	AMAZON-AESUS	false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	342309
Start date:	20.01.2021
Start time:	19:23:22
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 57s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog/
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@19/94@36/27
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe Excluded IPs from analysis (whitelisted): 172.217.20.238, 172.217.23.78, 172.217.22.205, 74.125.104.87, 173.194.187.106, 216.58.207.131, 104.43.139.144, 13.88.21.125, 172.217.23.40, 172.217.23.74, 205.185.216.42, 205.185.216.10, 216.58.207.164, 172.217.23.46, 104.18.31.173, 104.18.30.173, 23.37.44.206, 8.248.139.254, 8.248.137.254, 8.248.117.254, 8.248.131.254, 8.253.204.120, 172.217.20.227, 104.85.1.45, 13.107.42.14, 34.246.227.69, 99.80.199.35, 63.33.127.66, 99.81.11.244, 54.171.42.33, 54.194.191.134, 34.255.166.243, 34.250.153.194, 34.253.145.149, 52.255.188.83, 104.85.0.56, 51.104.139.180, 172.217.23.10, 172.217.23.42, 172.217.22.234, 216.58.207.138, 216.58.207.170, 172.217.20.234, 92.122.213.247, 92.122.213.194, 20.54.26.129, 173.194.151.103 Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, www.everestjs.net.edgekey.net, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, l-0005.l-msedge.net, clients2.google.com, audownload.windowsupdate.nsatc.net, update.googleapis.com, www.google.com, tp00.everesttech.net.akadns.net, watson.telemetry.microsoft.com, www.gstatic.com, au-bg-shim.trafficmanager.net, e9518.c.akamaiedge.net, www.google-analytics.com, spark-track.inside-graph.com.cdn.cloudflare.net, fs.microsoft.com, ampcid.google.com, cm.everesttech.net.akadns.net, db3p-ris-pf-prod-atm.trafficmanager.net, ris-prod.trafficmanager.net, skypedataprdcolcus16.cloudapp.net, pagead2.googlesyndication.com, www.googleapis.com, ris.api.iris.microsoft.com, r1---sn-4g5ednle.gvt1.com, www3.l.google.com, r1---sn-4g5e6ne6.gvt1.com, translate.googleapis.com, blobcollector.events.data.trafficmanager.net, clients.l.google.com, cds.f7f2q8c3.hwcdn.net, www.googleadservices.com, r5---sn-4g5e6nsr.gvt1.com, adservice.google.com, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e9706.dscg.akamaiedge.net, redirector.gvt1.com, r1.sn-4g5ednle.gvt1.com, www.googletagmanager.com, r1.sn-4g5e6ne6.gvt1.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, www-linkedin-com.l-0005.l-msedge.net, accounts.google.com, www-google-analytics.l.google.com, www-googletagmanager.l.google.com, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, skypedataprdcoleus17.cloudapp.net, wildcard.licdn.com.edgekey.net, translate.google.com, r5.sn-4g5e6nsr.gvt1.com, skypedataprdcolwus15.cloudapp.net Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
19:24:28	API Interceptor	3x Sleep call for process: chrome.exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	451603
Entropy (8bit):	5.009711072558331
Encrypted:	false
SSDEEP:	12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
MD5:	A78AD14E77147E7DE3647E61964C0335
SHA1:	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
SHA-256:	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
SHA-512:	DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
Malicious:	false
Reputation:	low
Preview:	BDic.... ....6...."..Z..4g....6.2...{/...3...5....AF 1363.AF nm.AF pt.AF n1.AF p.AF tc.AF SM.AF M.AF S.AF MS.AF MNR.AF GDS.AF MNT.AF MH.AF MR.AF SZMR.AF MJ.AF MT.AF MY.AF MRZ.AF MN.AF MG.AF RM.AF N.AF MV.AF XM.AF DSM.AF SD.AF G.AF R.AF MNX.AF MRS.AF MD.AF MNRB.AF B.AF ZSMR.AF PM.AF SMNGJ.AF SMN.AF ZMR.AF SMGB.AF MZR.AF GM.AF SMR.AF SMDG.AF RMZ.AF ZM.AF MDG.AF MDT.AF SMNXT.AF SDY.AF LSDG.AF LGDS.AF GLDS.AF UY.AF U.AF DSGNX.AF GNDSX.AF DSG.AF Y.AF GS.AF IEMS.AF YP.AF ZGDRS.AF XGNVDS.AF UT.AF GNDS.AF GVDS.AF MYPS.AF XGNDS.AF TPRY.AF MDSG.AF ZGSDR.AF DYSG.AF PMYTNS.AF AGDS.AF DRZGS.AF PY.AF GSPMDY.AF EGVDS.AF SL.AF GNXDS.AF DSBG.AF IM.AF I.AF MDGS.AF SMY.AF DSGN.AF DSLG.AF GMDS.AF MDSBG.AF SGD.AF IY.AF P.AF DSMG.AF BLZGDRS.AF TR.AF AGSD.AF ZGBDRSL.AF PTRY.AF ASDGV.AF ASM.AF ICANGSD.AF ICAM.AF IKY.AF AMS.AF PMYTRS.AF BZGVDRS.AF SDRBZG.AF GVMDS.AF PSM.AF DGLS.AF GNVXDS.AF AGDSL.AF DGS.AF XDSGNV.AF BZGDRS.AF AM.AF AS.AF A.AF LDSG.AF AGVDS.AF SDG.AF LDSMG.AF EDSMG.AF EY.AF DRSMZG.AF PRYT.AF LZ

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Microsoft Cabinet archive data, 58936 bytes, 1 file
Category:	dropped
Size (bytes):	176808
Entropy (8bit):	7.994797855729196
Encrypted:	true
SSDEEP:	1536:i/LAvEZrGclx0hoW6qCLdNz2p+/LAvEZrGclx0hoW6qCLdNz2p+/LAvEZrGclx0b:UcMqZVCp8pwcMqZVCp8pwcMqZVCp8pj
MD5:	8E2B96A9653A2443981CCB048DEA2F87
SHA1:	086C9A8D748814E8066079519A85D980CDA95F4E
SHA-256:	11512FEBD1B67DA08E4B508D738C827FC32A6A684658CE6659CC2A922EDEA2C1
SHA-512:	82764391B8EFEEEF22068B253B1990A29C97ECB8D769A4C1EB3A0D6C88EB09D41B588F6E280EE95C03FB1B3140593FE8286E1E0758166266D9CF3E6E2A2A9A84
Malicious:	false
Reputation:	low
Preview:	MSCF....8.......,...................I........S........LQ.v .authroot.stl..0(/.5..CK..8T....c_.d...:.(.....].M$[v.4CH)-.%.QIR..$t)Kd...D.....3.n..u..............\|..=H4.U=...X..qn.+S..^J.....y.n.v.XC...3a.!.....]...c(...p..]..M.....4.....i...}C.@.[..#xUU..D..agaV..2.\|.g...Y..j.^..@.Q......n7R...`.../..s...f...+...c..9+[.\|0.'..2!.s....a........w.t:..L!.s....`.O>.`#..'.pfi7.U......s..^...wz.A.g.Y........g......:7{.O.......N........C..?....P0$.Y..?m....Z0.g3.>W0&.y](....].`>... ..R.qB..f.....y.cEB.V=.....hy}....t6b.q./~.p........60...eCS4.o......d..}.<,nh..;.....)....e..\|....Cxj...f.8.Z..&..G.......b.....OGQ.V..q..Y.............q...0..V.Tu?.Z..r...J...>R.ZsQ...dn.0.<...o.K....\|.....Q...'....X..C.....a;...Nq..x.b4..1,}.'.......z.N.N...Uf.q'.>}........o\.cD"0.'.Y.....SV..g...Y.....o.=.....k..u..s.kV?@....M...S.n^.:G.....U.e.v..>...q.'..$.)3..T...r.!.m.....6...r,IH.B <.ht..8.s..u[.N.dL.%...q....g..;T..l..5...\.....g...`...........A$:...........

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	978
Entropy (8bit):	3.1388149929494933
Encrypted:	false
SSDEEP:	12:6bykPlE99SNxAhUegeTNkPlE99SNxAhUegeTtkPlE99SNxAhUegeT2:oykPcUQU76NkPcUQU76tkPcUQU762
MD5:	7D9ACDE7534934B7FF6BC2BA34EAF48E
SHA1:	41B0F7BF07F8E8DD80F5713DABB1E8D4373DC98F
SHA-256:	DE81B9DB638451D4A4CAFFBE4EB409F6EC2B660EDFAF0B56B2DB4DFE962C4C36
SHA-512:	D683250C43019CF13F8DC03004794691D423087748FD6E8EC2EFD8FC7660F92EAC1EC76F92475E6FE6606F8ED80BF1AD081FAD33AAA6E15305CF0F90B7CDAE8A
Malicious:	false
Reputation:	low
Preview:	p...... ..........O....(....................................................... ..........Y.......$...........8...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.6.9.5.5.9.e.2.a.0.d.6.1.:.0."...p...... ..........W.....(....................................................... ..........Y.......$...........8...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.6.9.5.5.9.e.2.a.0.d.6.1.:.0."...p...... .........4P.....(....................................................... ..........Y.......$...........8...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.6.9.5.5.9.e.2.a.0.d.6.1.:.0."...

C:\Users\user\AppData\Local\Google\Chrome\User Data\32c123a8-baed-4847-a925-1630a03bf178.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	164179
Entropy (8bit):	6.081934191179142
Encrypted:	false
SSDEEP:	3072:EzTTlwZtM5KW9MThzsTcFcTnRoWdRfPZ3+9UhIFcbXafIB0u1GOJmA3iuR0:klc+5d9MThZyRoyfPR+cWaqfIlUOoSih
MD5:	587F5D11C3DA5E08B4FDDD47B1178947
SHA1:	77B72DB4497A34C4A25C1E1795909303F8BE00B0
SHA-256:	BF3D339DF43A9D10D12951D3ACBD57D842D774CAEA3FCA572C7F78FEB69C614C
SHA-512:	56E469CCE979F1352C44DAC028DA5AD7F32BE580FA90F22BF0C378D543E743B0B9C8A29638B755A6A677D0805545E9BADBE4C79330CFA02DFD5B36A02B427FDB
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.611199452388208e+12,"network":1.611167054e+12,"ticks":97412702.0,"uncertainty":4457341.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.254162526001658
Encrypted:	false
SSDEEP:	3:FkXft0xE1G1mstft0xE1G1mstft0xE1n:+ftIE1G1mkftIE1G1mkftIE1n
MD5:	E9224A19341F2979669144B01332DF59
SHA1:	F7F760C7104457DF463306A7F7BAE0142EFCEB5B
SHA-256:	47DD519C226D23F203ACAE0EC44DF9BB6208828E24F726E1602EA52F63C3E2BE
SHA-512:	4184302DEB5009D767FECFC150F580DD57D5CF9CF3BFEB7E52C9F3340E5E6499251B9F0DFF37F0454411FED9046880E0A9204312D021294256372C916B8155AC
Malicious:	false
Reputation:	low
Preview:	sdPC....................s}.....M..2.!..%sdPC....................s}.....M..2.!..%sdPC....................s}.....M..2.!..%

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2b971696-f7f2-4a88-a20d-e60855e9ae42.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	2542
Entropy (8bit):	5.597867063110126
Encrypted:	false
SSDEEP:	48:YEnmU9tQJUoSi52eUo7MieUoFm6UUh5EUo9UoSv2RU9hwseKUe/BsmU9fqPeUer8:JnmU9tgUoSi52eUoYieUoF7UUUUo9UoG
MD5:	7FDBE5FF2E09BD18AEF3C4EE7B5AE0E1
SHA1:	1570F4726F08916D044FF44A5D069A61BC79510B
SHA-256:	B5F45328574C2CA54E57BFF2988F070D8EEDED28494C03BCB80717ADBA73B6EB
SHA-512:	67D8E0BDD73101C1D7E6575EB9F05D641B30A8B0D0A89B7C7739D7A50ECB4349C8FD351EE7D1CA45BB11041EEDC590BCDF88690E3BFEA3AE794F33CBEE509C65
Malicious:	false
Reputation:	low
Preview:	{"expect_ct":[],"sts":[{"expiry":1611221069.938201,"host":"EbQFG2PVsvuMXBIr29Dlwma69nEpRy1JWxNeOLHp4Mo=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1611199469.938205},{"expiry":1642735468.858163,"host":"KIjZDZJ1d23LL3iy1yS0McoAVk7+TJa4+EwIBhap1gg=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1611199468.858167},{"expiry":1622085968.586742,"host":"LAZkYS46RVRcFiZAzmUJrz6TJHBd4nwE6VxPWfPLYHs=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1611199568.586747},{"expiry":1642735467.800494,"host":"M4bfUnCmQAi4PNb3B8aI/2+SVJhHKsMfMMT7fzi6ij4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1611199467.800498},{"expiry":1633014077.350499,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601478077.350503},{"expiry":1642735469.84223,"host":"TZmujbl93Yt3JI8wZ4X/zjkA0WFNGNW44A+o7h4YyHw=","mode":"force-https","sts_include_subdomains":true,"sts_obse

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2d5b0c5e-e279-4566-8253-8d322918304b.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2542
Entropy (8bit):	5.596678553467732
Encrypted:	false
SSDEEP:	48:YEnmU9tQJUoSiaeUoSDlMieUoFm6UUh5EUo9UoSv2RU9hwseKUe/BsmU9fqPeUeQ:JnmU9tgUoSiaeUoS2ieUoF7UUUUo9UoG
MD5:	78A755A6401323622D6D6CD29D634E51
SHA1:	835FFACC10E90019CBB740DC71AD15E795A4795F
SHA-256:	AD8F8D76236939C6BDC0214BC0E7C3B68F28632D68F842C9E72988A214978D29
SHA-512:	C53503C5938B6AD70BC384D4968930E439F3DA0C420A1ABF9DC7A189A86B698ABCA09F6D43703315B7D5CD57B912AB896A6EEB84BA318A5749F778FF243D2FBE
Malicious:	false
Reputation:	low
Preview:	{"expect_ct":[],"sts":[{"expiry":1611221069.938201,"host":"EbQFG2PVsvuMXBIr29Dlwma69nEpRy1JWxNeOLHp4Mo=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1611199469.938205},{"expiry":1642735468.858163,"host":"KIjZDZJ1d23LL3iy1yS0McoAVk7+TJa4+EwIBhap1gg=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1611199468.858167},{"expiry":1622085868.898134,"host":"LAZkYS46RVRcFiZAzmUJrz6TJHBd4nwE6VxPWfPLYHs=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1611199468.898138},{"expiry":1642735467.800494,"host":"M4bfUnCmQAi4PNb3B8aI/2+SVJhHKsMfMMT7fzi6ij4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1611199467.800498},{"expiry":1633014077.350499,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601478077.350503},{"expiry":1642735469.84223,"host":"TZmujbl93Yt3JI8wZ4X/zjkA0WFNGNW44A+o7h4YyHw=","mode":"force-https","sts_include_subdomains":true,"sts_obse

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\31b98929-2a3f-422c-bfef-d6df244c56f6.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	16763
Entropy (8bit):	5.578442903484188
Encrypted:	false
SSDEEP:	384:z1st3LlArXzQ1kXqKf/pUZNCgVLH2HfDTrUaxQCKM4o:uLlCzQ1kXqKf/pUZNCgVLH2HffrU+ln
MD5:	18FADD76716AC5C01F73B54C3CFE6C64
SHA1:	F72A24AFD4CF1060724D24F0B60DBD923C9DA945
SHA-256:	797758E1A027133D6F2E74B2F38E16991BB7121053CD53150E33D5559F7FC7F2
SHA-512:	1F2D47BFD57ACE50ABA042BEA2845B2A48051CC8AC0272C7D55BD2AE8A7AA0CD9F3DE7D4177117841C5F84FBE1F7195B299C1F56E45880A0A5460853EB67684E
Malicious:	false
Reputation:	low
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13255673049473779","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4e6beafc-9ee6-4bc4-a56d-e511691f3b1b.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	16764
Entropy (8bit):	5.578482768306866
Encrypted:	false
SSDEEP:	384:z1st+LlArXzQ1kXqKf/pUZNCgVLH2HfDTrUTxQCKM4C:dLlCzQ1kXqKf/pUZNCgVLH2HffrUzlF
MD5:	3F3926AA1260E004495EC9D332F69A24
SHA1:	DDB4BAC44F1B402EEABBD36FF2EDF2F6FE72B691
SHA-256:	7A1851774733D9D08C2E9EAE32656813844C89396DD113792B6ACDD32C65EFEA
SHA-512:	8815CC58E90526BFDE75BB88B734F148FE68B08B4FBE75908866A2EFD74D4DA3AE6597BECA1602430FA2668962CAF4ED191935297D318766644FD17E75E7AD01
Malicious:	false
Reputation:	low
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13255673049473779","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\79809216-6f6f-4f9a-a83d-013c05e3d6f4.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Reputation:	low
Preview:	.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\015cbb816784c656_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	5.4371479418116415
Encrypted:	false
SSDEEP:	6:mMH+YGLOLJrbCrNYQ50KeE8uCCb8YVhA5S/JXhK6t:7H11rb0t5zRtakX7
MD5:	53EEE4B4343356AEC6EBDCADBE9BD779
SHA1:	DCAAB992B37DA171EAEF5F56D2D51E383423D6C3
SHA-256:	B04E5CA801FE25AA65AC9DC3D362FB1BB42440EABAB8226F11750A7E72226888
SHA-512:	348498F115BFAF38D8E745DC58CDFCCD5FAE0632DDF724886E91FBA2567E26B706C97FA6C502C6E63C867C4C796B4DFD9E0EF70BFF020940078CAC7194F2C56A
Malicious:	false
Reputation:	low
Preview:	0\r..m......d....bH....._keyhttps://www.spark.co.nz/etc/designs/spark-responsive/clientlib-forms.js .https://translate.goog/....../......................6...=H....\..qLAp..>1...r.......A..Eo......s.r..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0917b26c32fe984f_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	229
Entropy (8bit):	5.463314333619913
Encrypted:	false
SSDEEP:	6:mRJt6EYGLOLJrbzKWQiC6K4QuCDy1wkl/lGi8JKCULK49K6t:mJk1rbzBTsyykt8VECUf
MD5:	CB114E96B8576AB223CCF1256481E358
SHA1:	9411A14F0E7BB75E49E9E5F5AAF2BE46B191F568
SHA-256:	B35E1AC44FA40271E835FBF605F1F5030D8C290B2B33076F9CD53ABAC5D40B81
SHA-512:	6E8E78174BF238B60FCCEC8304B106FE96AD25C5AA57CF299DF5A72984A0372F46A622783474A1B7D891393926AC38F9AFDC921AD2D870BBF7D5C13E74794501
Malicious:	false
Reputation:	low
Preview:	0\r..m......a....I.\|...._keyhttps://www.spark.co.nz/etc.clientlibs/foundation/clientlibs/main.js .https://translate.goog/....../...........................T.$N..m$.....dR795.....S,l.A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0bfb1a50b792377a_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	644
Entropy (8bit):	5.818121470272321
Encrypted:	false
SSDEEP:	12:78gE35FR+aE5m+Dux2pHgyyyJ3CMxAaLtGF2Pv89jfQFoUCMVsdBT2/7:78gETlE5puyAyyASrFpV2oUCs8T2/7
MD5:	54E7C4105464B3B7FEE1AB81E84745CF
SHA1:	01C1756C41F3BA3E04745B8C59F6900692C042E6
SHA-256:	EAF007BC0DAE3AE6ECD74C89A0E6DE4569A130E32B7CEE79A5CC9D7393077E06
SHA-512:	987DFF76EB730999592BFBF1607D7639EBA18F5E6A07199CD1BD69ADEC713867C8BB4AD40D955001676A16826F83A77D8D59429EE2CFD009D80089A3E3BDB136
Malicious:	false
Reputation:	low
Preview:	0\r..m...........o......_keyhttps://googleads.g.doubleclick.net/pagead/viewthroughconversion/979185687/?random=1611199468724&cv=9&fst=1611199468724&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_his=1&u_tz=-480&u_java=false&u_nplug=1&u_nmime=2&gtm=2wg161&sendb=1&ig=1&frm=0&url=https%3A%2F%2Ftzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog%2F&tiba=New%20Zealand%27s%20Best%20Broadband%20%26%20Mobile%20Phone%20Plans&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4 .https://translate.goog/'r..../......................<.D..N.=.*.0....t.&y.V.l..@;...A..Eo......P\|...........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\172dd31f832669c2_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.557380830271385
Encrypted:	false
SSDEEP:	6:mKYGLSmXZCLRT/uChMKsIMgESdY69/ZK6t:Lc2y6IDjT
MD5:	4C66352683DF669E0BA5E7615C27AC88
SHA1:	7855839924A75FF4D52F0FA3E923CAB6844A9F42
SHA-256:	04F56E9C797CE912D63BE417A99481D3112FF2698DFF343E7CD22DD202BADB70
SHA-512:	9ED44CC66B3261FCDCF3DD4373DAE63DA6CEDF444E1CECA9DA668DD6115DB0F03BF70D666CF674C54CD281D9BDCA9258C166A46978D9CF12BF64ACCDCC9C26F2
Malicious:	false
Reputation:	low
Preview:	0\r..m......R......A...._keyhttps://www.googletagmanager.com/gtm.js?id=GTM-WT5NVL .https://translate.goog/..e.../...................W>...V.....X!3\|OtwGj}....<...g.A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1e4cec8273b744fc_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	202
Entropy (8bit):	5.502886329196811
Encrypted:	false
SSDEEP:	6:matRnYGLenFfOgytuCc+oK6FsXwXnZA8bK6t:ttRunFfOHYJTKusXUnZn
MD5:	F36F579311F43BA193F39280E4D20BA0
SHA1:	D57685CFC37488CC62F165F29CE5984BF3776BCB
SHA-256:	1653E4E592C555C6F1C792CAF9225BF217E5039EA2AB9824129C4CD6FA5C266C
SHA-512:	C4577AA344C10B4DCC898A8D9231CFA89B95AA0DC6CA51CE6CD259068F03867BD5C7E8B52F5AC018A31EE51D77207D1C136F63B7C56C75A18A91077B8BB54A2F
Malicious:	false
Reputation:	low
Preview:	0\r..m......F...;......._keyhttps://www.staticcdn.co.nz/m87/k33spt.js .https://translate.goog/...../............. .........I..y..Q........P...=.U.u...Z.A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\250127563fdf82d9_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	223
Entropy (8bit):	5.516644521057303
Encrypted:	false
SSDEEP:	6:mXMEYg4OGTCX8iawK5AQuCX/6VqpH+f4pK6t:A14x48TAhcWqKM
MD5:	E48B3D4800691F1A77248A67D7CA6813
SHA1:	10EC228864ABFAA4F5168B35489C28E208A805F8
SHA-256:	191F8E2C3C1DA45B574FDB42FCD7BB94B91F20AC3298DFB958A3EEBE50AD1566
SHA-512:	97EB2CC1AB314FCC340A0DF7AAC166A263E6CB1E7F3D6802C1CAB048DE76365256CAF194998C20D8B11AFD6ABDA6D32D3988B9DA3EC7560CC65912300EAEF760
Malicious:	false
Reputation:	low
Preview:	0\r..m......[.........._keyhttps://spark-track.inside-graph.com/gtm/IN-1000260/include.js .https://translate.goog/.Y..../.............0.......C\|[n.e.I...tq.G.#S.\..&..E......A..Eo.......j..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2cb4290a205d5a4a_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	311
Entropy (8bit):	5.730390204147535
Encrypted:	false
SSDEEP:	6:mMCYGLOLJrdEAKPiwGZTBZZQkaMhn5ga0uC461TvcRAb44rJQthK6t:hB1rKqwGDjZpOzwM9lc
MD5:	1C22D44877A9AE70FF19CBCA240C5C23
SHA1:	CAD1258821E26DADB8F77D9295B99E2B782C676E
SHA-256:	FBE4C2BC6B5853F7049FA5725C78815E2F92035AF64281D79641803BD6EC5BF3
SHA-512:	7E70C6DC408E0BD6D8FE9E1D277129FDF0D3057421DF66731D3A04C736F4C6EE15BE721B097ACDA92085638D39B2A3FCA53479AC4FD030EB8474F8F53B5E8E1B
Malicious:	false
Reputation:	low
Preview:	0\r..m............}....._keyhttps://www.spark.co.nz/content/dam/telecomcms/dtm/3ab3370ddaf0/bc5880d35c57/4db2e0cdbd4d/EX8471dbbf04c548c7be9694dd73896449-libraryCode_source.min.js .https://translate.goog/..,.../.....................H....w.q.1.....4pz......).]..A..Eo......5..[.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\44c90d4def7a7a7c_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	223
Entropy (8bit):	5.415660123877579
Encrypted:	false
SSDEEP:	6:m4nYGLOLJrbCrNYKjuCkydUzyMZf7rJHlZK6t:c1rb0AOMyYf79V
MD5:	E5E74609BA4BC3AF68A60A2E81A10864
SHA1:	40871AE3F5B7DC50A56C33F8E86A6568AF6E2DC2
SHA-256:	D47B157AF2F159F4D5E27D4C500503833BE1E81FDA56CD5B37574FB419AD8564
SHA-512:	C0277320772D4887DA97FCA7BECE70C7F31C71C6A90396F5CAB01DA02F288AC4BDB3EB6C47C958608648059954804A365A92E773BBF94AF94B2729A53573F18F
Malicious:	false
Reputation:	low
Preview:	0\r..m......[..........._keyhttps://www.spark.co.nz/etc/designs/sparklabs/clientlib-all.js .https://translate.goog/.g..../.....................J.&..s....Zy.<.cHs.f..*.../<.p6..A..Eo..................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\45fff383de49869d_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.513435520290514
Encrypted:	false
SSDEEP:	6:mEVYGLOLJrbCrRHcVGjuCR+1I//2rn5llZK6t:41rb0UGaM+O/uj5/T
MD5:	FEAB12F8900FD895814A482C0CDBD835
SHA1:	C655B4FE70C40785B3F7511FD39B9FC67368FBB4
SHA-256:	81D19D2E128876980A86CE61E786101AAC18271EC9D0C2A39E643C078F301F42
SHA-512:	21A93AD3BFD9CB66C3FDACC4931FB472378C91C414FD6B404E4A620B422F67911709B1D1A249A9C51266DC1693DBD06EC2089184F4E8A275F70F726535EAC49A
Malicious:	false
Reputation:	low
Preview:	0\r..m......^..........._keyhttps://www.spark.co.nz/etc/designs/onespark/clientlib-sparkv2.js .https://translate.goog/.f..../......................8...RrD.T .....Z...~....4..h..A..Eo..................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\479068813262005f_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	244
Entropy (8bit):	5.508789729946299
Encrypted:	false
SSDEEP:	6:myRYGLSqfb/fdxkBXzXuCgv+K6qkl/UdxR4nK6t:LfRx6apvylcxRy
MD5:	1156597BF44455D14D48F9B0E5661178
SHA1:	3AF369DBCCA042229E3FC4A3BFD1BC8F8AC43E2B
SHA-256:	6BC0303800A5DC209CA42E781291413C8A214308DC0A26797841656C889C92C7
SHA-512:	F65247EA82145DCD346978704194A3ECFC85CA61D07244B716BDC086B5648255593A51861C3F8999D19A7E9645D0F10F2B3665DE2E8DAB884F073EF712B95C7F
Malicious:	false
Reputation:	low
Preview:	0\r..m......p...%QI....._keyhttps://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914 .https://translate.goog/....../......................s0....l.x..\|..<....nxt.t..bS.A..Eo.......7]..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\47dec20af7cca857_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	207
Entropy (8bit):	5.410686549579062
Encrypted:	false
SSDEEP:	3:m+ljUFqv8RzYPIXXHKhQf2XuRW7wgiWJ4uC0klyKlflHCjteFycHuLWGom5mlt/B:m/qEYAWQf2570uC0kly1wQ8ui+4RK6t
MD5:	CCD99824C196B9611622512BC1662487
SHA1:	F197A8879148C96CFB5EC9D0EF73A9B7E990FDAC
SHA-256:	2AEC6D69B183A456BCFC102176463FE504D0E26FFA165400EC74B27AA4FC30E5
SHA-512:	D86CBA60625A11C478B75DB63673D091320A0725D40D2E59D6924729FC27B863CAAA5214549F985974D5E6C74D76BA6A7B7B9478BD1D48F47BB7CE38625BA9B1
Malicious:	false
Reputation:	low
Preview:	0\r..m......K....08....._keyhttps://connect.facebook.net/en_US/fbevents.js .https://translate.goog/....../.............A...........%*.n...m..d6..0....N...a!...A..Eo......{............A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\48e0fed527618827_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	222
Entropy (8bit):	5.457868191436815
Encrypted:	false
SSDEEP:	6:mcYGLOLJrbCrRHrjuC2qJYFdYh/49K6t:g1rb0oKJYIhAX
MD5:	C9728401103C104DDE03D6D7630E1E3E
SHA1:	ED17E1F7CA669A3855DB113E0934527A7BFFAC4F
SHA-256:	716ADD728C503010D0165F609968984E76C3B88E7335EB727D3D36A27A12DF4D
SHA-512:	71C1C50A109BC03728A8D6D9D799FD0C39AF3174B0D834149B70D7CAC6D0BA0F34AB5BDA064E9A82F4AB096E6BFB57C0DF445DD5D93826626EE8C2253BAA716C
Malicious:	false
Reputation:	low
Preview:	0\r..m......Z....._...._keyhttps://www.spark.co.nz/etc/designs/onespark/clientlib-all.js .https://translate.goog/....../......................8.K...%.R.M...o....7..g.S...A..Eo......RL...........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\48fd86897158dd45_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	218
Entropy (8bit):	5.470086519765264
Encrypted:	false
SSDEEP:	6:mzfgEYGLOLJrdEAKltNtuC96YHYxe7w6gK4XKhK6t:Igz1rKlgn1Pq
MD5:	C91C254AAD0A344BF99BED496E82AF58
SHA1:	F9B4CC08187907E1B6C3EA6DE568C91AE1EC12AC
SHA-256:	BE1CF3D1DEE7B741414BE1B29CDB7D5F90F766DD892B6880FD277F9101D05392
SHA-512:	14AF225273F910E43DAE88D73BD35800D4AEF607F739B167BFF42CB0477C4F883EF83E4877D1EB19AEB5483BF53F645774668CA5E272D5CCFC6C912B7179A964
Malicious:	false
Reputation:	low
Preview:	0\r..m......V...I......._keyhttps://www.spark.co.nz/content/dam/kb/public/libs/gwc.js .https://translate.goog/`..../....................T..:c..'..{...O$..y.....;..S..:.A..Eo........bw.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4d702a630beffd81_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	244
Entropy (8bit):	5.399808356548413
Encrypted:	false
SSDEEP:	6:mAWYGLOLJrdEAK1K6oLuntuCINMVufyg7hZFK6t:XN1rKADLtx8q/f
MD5:	58CC2A37E176F989E2DE42F6DDF5CBDD
SHA1:	47A2BB16C77EE526B385E9841A08F6379517AEF1
SHA-256:	953F7D92C0F1590539E0ADC5224E6E4DB21A97731224D2C6B28F70DEF31824A1
SHA-512:	F92B1BF0B2609F51A940CA433C1FEA14AE5BA582539F14D4AD919EBB10F8F4535B9307D8699A54273017B179676CB0A981644641B940882A074765D1B03EC078
Malicious:	false
Reputation:	low
Preview:	0\r..m......p.....a....._keyhttps://www.spark.co.nz/content/dam/telecomcms/js/outage-map/network_banner_data.js .https://translate.goog/....../....................KxA..[..:.7]...jQ."..P....].....A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4f2c20c31a3c3655_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	234
Entropy (8bit):	5.491294388057762
Encrypted:	false
SSDEEP:	6:mBYGLOLJrbCrNYQ50KeAbjuCnot8gA4cNTbK6t:71rb0t5zQ24cn
MD5:	8CE6C3F66F0E83B814D30FB383AA59FF
SHA1:	8100FED84514FEAA70D032D6740931D82662AC43
SHA-256:	39F9FCFFF2A40D9C736A61FA2D998D04EB12F600DD38F2F9801A52B01A3541C5
SHA-512:	C9967D797C40D72E97D110160B8C5161186507B95CAC83DF6E4B1DA00A2CDBD860EB7BA5125F8E7F50E15BACED47558151ACDCCB18A76BCB99834408C5900C44
Malicious:	false
Reputation:	low
Preview:	0\r..m......f....4.v...._keyhttps://www.spark.co.nz/etc/designs/spark-responsive/clientlib-reactjs.js .https://translate.goog/.@..../.....................T6.xR/.*`R.....2...!....>...4..A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5dc9d4e78f5bf235_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	229
Entropy (8bit):	5.287060362480941
Encrypted:	false
SSDEEP:	6:mwEkXY8uCXHhZlcQISuCoD+KlAI1Y/hnnaK6t:OkyGLcFK+xY2
MD5:	9E2EA39C809CD359E2539DDD8D0E1FE2
SHA1:	C75CDEAE4C372806EF95EFCE0AA0A2F1E29D8E4C
SHA-256:	003D643B034C0C458BE535BAEBE8CBFA457C2D4E9451565F902D3F3D58B0B049
SHA-512:	609305687575CF155F9F14BE48F5B4C0105E9C6410BA590FAF8B27775EB83297C5334A1E93E0A5CC7A44098FF9A0E6D5460041932802D9F4FD3A30E36479945D
Malicious:	false
Reputation:	low
Preview:	0\r..m......a....!....._keyhttps://translate.googleapis.com/translate_static/js/element/main.js .https://translate.goog/..x.../...................j....BFZS`.Z.Egs.1.U..'.J.~.v..A..Eo......s............A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\61aa7cab509f8138_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	229
Entropy (8bit):	5.495677734971832
Encrypted:	false
SSDEEP:	6:mbw9YGLOLJrbCr/0tuC55v0tABx8xAvhK6t:3k1rb0MYJAB97
MD5:	73873143C0C39D4454EA3AFFEE6D2FD2
SHA1:	16F807F2100C792A973BBE08E1E0290C77FF7B20
SHA-256:	08D7E6BEED5726AC20DF83A075889E597F605C93C2A77E68DA3C43E141BF1882
SHA-512:	A74CF505119C8728E5EBAEAAF00C3C4A6D71CD75845A402DDF623A83D9467BB5F400838805ADBB7E0C79FC3EAB1652F871894C607F4CA848220C18DD069B5BB6
Malicious:	false
Reputation:	low
Preview:	0\r..m......a.........._keyhttps://www.spark.co.nz/etc/designs/base-frontend/clientlib-react.js .https://translate.goog/.o..../....................x....1}.T..2tJ......va....u...A..Eo.......)..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\61e4634241f9541d_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	238
Entropy (8bit):	5.625197307267718
Encrypted:	false
SSDEEP:	6:mQFxVYAWGUJ3e7nQLY1FvNduCsMg1utk9k4Na/ZK6t:fcd4virAk9kwqT
MD5:	07C63066FE536031CF9D97E73D330A4B
SHA1:	225ACFFDEBA8560C7C23EAFC6533900A5C5EE6F1
SHA-256:	A6DBF768B20360680B364EB6ADD1673D484E8C734096990A3D78D739EB3B8400
SHA-512:	62870090C78394EC979224525075BB9EBB94CBDAF0ACB80A81E62E75A0DE4CE02D3B195E2C804EFFE45CC38C4A40DFB2DCB6C726F1C4364482167260E42149AF
Malicious:	false
Reputation:	low
Preview:	0\r..m......j.....`V...._keyhttps://connect.facebook.net/signals/config/134249707157074?v=2.9.33&r=stable .https://translate.goog/.^..../........................!y...j..m..US....y.R`0r.@;...A..Eo......[iE..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6410707a8cc2264f_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	244
Entropy (8bit):	5.413961156698653
Encrypted:	false
SSDEEP:	6:mIyXYGLOLJrdEAK4gEJGuC192215wi2nPK6t:f11rKq02acx
MD5:	6D545390B4C5753C87C66E5912E3C635
SHA1:	3B55C52112657294B0447B79CC38F2CC0A94A395
SHA-256:	CC0AA58FE462D2BC8E738EC935D9B251CA8BC413E357FCAB04BFA3678941F716
SHA-512:	F3CF1F7572F38CBB8FEF1F79D7759B86C48B10A5A3ADFA880B8ED59CAE9AEB04E78E42ADDE919F103A7037342EA840C0B200D873931DE53294077ABE5A0BB674
Malicious:	false
Reputation:	low
Preview:	0\r..m......p....R......_keyhttps://www.spark.co.nz/content/dam/telecomcms/livechat/chat-widget-target-pages.js .https://translate.goog/..o.../....................Ci...<.z...k~y......}......w#00!.A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\642b8852a6320f23_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.4585728904057955
Encrypted:	false
SSDEEP:	6:muCSEYGLOLJrdEAKls0uCKAsyRwTfEFJuxK6t:5Cm1rKlIwsgE
MD5:	1C20F226147E47F92E91AE54DA922117
SHA1:	3FAB115B45507C3DE7057911682C9A924DCFBBDA
SHA-256:	D1199EB509A3ACAC3A747B817AA8571BFCB31EA1A581135CA6D81367BB0C62FD
SHA-512:	5AFFF27ED84C519CAC6FAD37F08C2F687B2D112377E8D4D5156A928DCC58F944791C3AE15728A0D26E5BED6EBBBA4EAAE3355A3E50091B40EBB5DFD7C82F654B
Malicious:	false
Reputation:	low
Preview:	0\r..m......^....-......_keyhttps://www.spark.co.nz/content/dam/kb/public/libs/widgets.min.js .https://translate.goog/....../............./.......v.t.rPfx.!.2=.[...........6g.A..Eo.........$.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6b23593b175be890_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.88521722843729
Encrypted:	false
SSDEEP:	6:mlPYoLYuK4Hx55F5cNkPCN4MPtK6dljRduC46NkqKwP4LK6t:EEuZHT5jcBPtHdgPlqPPK
MD5:	13EA876B43E64201141BB8FF07F4A028
SHA1:	352C725873CC1CFA9626963A8BC7219B04D20018
SHA-256:	5D69AEBDA45CF11554CC04E588529886E22110DFE47D997C2B498C88DB7FC337
SHA-512:	CA8D798FD678D85E3003571AC0CDFEC02480294CDE6164A2E7C2F8329A48A8A607E157945DA8978F07BF8D65C439DD9FEE0D8C8A79D00731800A7BC9E38F0EBB
Malicious:	false
Reputation:	low
Preview:	0\r..m..........y..\|...._keyhttps://ad.doubleclick.net/ddm/adj/N700316.197812NSO.CODESRV/B20295767.205245490;sz=1x2;ord=1972277568;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=? .https://translate.goog/....../.............{........T.E....y..j..,.+.........{..A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6ef9f71484a8ba64_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.958700105986257
Encrypted:	false
SSDEEP:	6:mtl/VYGL+MIwJJiuCTbk9gj/oWE2P4eRK6tgFHkudVE6lQOBWT9Qgj/oWE2P4:cIwv3UomfrXQE6hQym
MD5:	CF8501F19882B005B5244A5F95CE1F1E
SHA1:	8ABD7B57C3D62CD40C5F14EFEF7C4CC6E7E0B26A
SHA-256:	5639203F08E74479C93F7D295AF3552400DD553050CE53BBD2A3A0406F0895CC
SHA-512:	C8F6456C071BD9DCB992C262C2F57A275320B2DFA7A2740EDFA949946048AC2A490101FAD52398E61C832B5488C05D90FD3E691FBE046838BAF570A76396A53E
Malicious:	false
Reputation:	low
Preview:	0\r..m......J...I......._keyhttps://www.google-analytics.com/analytics.js .https://translate.goog/....../.....................S(....u..b..M...O.........-.)..A..Eo.......s.P.........A..Eo......................../.h)..597BA4459BADDBB531E88A640DC60B7D20A8A5A8FC903D1B32289B05CE731872S(....u..b..M...O.........-.)..A..Eo.......j>RL.......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\771b0700dd55e789_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	234
Entropy (8bit):	5.456614226359768
Encrypted:	false
SSDEEP:	6:mMXY8uCREZVXopRjVRXuCIj++A5tfJCogd1X4m8nK6t:0IE6j7eBjvOfJyd1Xmp
MD5:	A26113DEEF50EEC1AA73A3649CB22D92
SHA1:	739850F506B67B4E67DC792314462337CC04D780
SHA-256:	AC3609A019671BD63A0941F34B1A68F7574355354FFCA2AF972A40327B9F11B2
SHA-512:	05572D703E14825B9E09DBED994D1E37CE6F2B3CF86A6569DC1B67BBBEBD1A0C15593F7DB6AD9D0ECABB4D3B6DADBFFDB9CF6C2F7FDDA14D46BA102DF1621CA2
Malicious:	false
Reputation:	low
Preview:	0\r..m......f.... ....._keyhttps://translate.google.com/translate_a/element.js?cb=gtElInit&client=wt .https://translate.goog/.i..../.......................q...?.b.a..g..[...P.b..%....A..Eo......z............A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\79724d7411ed81f8_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	44032
Entropy (8bit):	6.152231164355781
Encrypted:	false
SSDEEP:	384:WqfJEmUzB8stkEKdFi1aSU6U5H/ncCmj2MT/D2Wx5cfV0V50OKlftndAy1C/4H:Wqfmm+BaEXUZ5H/cCmjz7cfV0HzK/1Cq
MD5:	DC57246314EB3F9121780D8B53DE3562
SHA1:	DCD0D50910DE5319F0109A9874253F342736C169
SHA-256:	42991BC7DAB5A14A378B49C1114345870D2ABDDDDF3F3B85B2FB97A6BFB4F87F
SHA-512:	CA47709778F793F1EDC353CFB0127128D32E404E550E1269203F3D3F8E0D5A31A1BF266C09BB2C8287DE3B5871159C47617707ED9B8130528DE53139C8A14156
Malicious:	false
Reputation:	low
Preview:	0\r..m......X..........._keyhttps://www.googleadservices.com/pagead/conversion_async.js .https://translate.goog/.E..../......................q...I~>o...`....?GZwee.D...N.#.A..Eo........j..........A..Eo................................'.?y....O....X...Q......................<........................................................(S.<..`2.....L`.....(S....`.......L`\......RcZ...........$.....Qb.Z......aa....Qb.M.b....l.....Qb../....ca....Qb.I......da....Qb........p.....QbN$.N....t.....R....Qb........ea....Qbn.......fa....Qb.^.j....x.....Qb........ha....QbBe......pa....Qb.d.-....qa....Qb...V....ra....QbB.......ta....Qb.5......A.....Qb.......B.....Qb.b.n....wa....Qb.[.h....xa....Qb.6}x....ya....QbfO......za....Qbj..M....Aa....Qb...]....Ba....Qb...D....Ca....Qb.:.....Da....Qb"..6....C.....Qb..\|....D.....Qb...C....E.....Qb.......Ea....Qb.......F.....Qb..}.....Fa....Qb..Dt....Ga....Qb.......Ia....QbJ/......Ja....Qb........Ha....Qb........$a......Qbj6......bb....Qb........cb....Qb...

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\87036b8100634b72_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	200
Entropy (8bit):	5.451772532859335
Encrypted:	false
SSDEEP:	6:myVPYxu/c/CVjSYDK6ZtlNHn/qzrItRK6t:Dku/c/CV1DKKbH/VF
MD5:	92CF9AF1936F45C4A70D21F32D727041
SHA1:	7327658006547803187FEFC0977EA4EEE6C62F92
SHA-256:	DED830F214A10F62A6FA8781CB258033FF292F6A263AAC1DB96A7AE7AF6A003B
SHA-512:	06F3B09C36C1AADA819CC82B1AEA8468B1A8C48081364B6612906F2A33613D3F3CA50EA1E907B0AE2B781C6D14E21267F70D2A9429D8DD53E724C4B5C4896A21
Malicious:	false
Reputation:	low
Preview:	0\r..m......D......h...._keyhttps://secure.quantserve.com/quant.js .https://doubleclick.net/.9..../.....................X....^..........%.i.2.A..Eo........l..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8d9af317c4b836a5_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	231
Entropy (8bit):	5.422056026896965
Encrypted:	false
SSDEEP:	6:mZ6EYGR0qEMhV8Y10uCBo40asaNH8zbK6t:PWSqEcVZvoIn24N
MD5:	D8C96D2F4C33A2BC2E0C95C18436D889
SHA1:	D44F83FE59C29934FECD6772FB3F0C762B9BD154
SHA-256:	D038577C8A0BA39D74EBCD908E52FE3E9027CE113AFD7A0C0B107AEAE092558B
SHA-512:	2A7DA469939296E6B8B1B361F8B0AE4E1A661125AEC71C3D915E9E336FD4242708F39CE507C75E5F45E5200D5E6C193712DC821183ABF4C276CF6DA81513A72F
Malicious:	false
Reputation:	low
Preview:	0\r..m......c...../....._keyhttps://d2oh4tlt9mrke9.cloudfront.net/Record/js/sessioncam.recorder.js .https://translate.goog/h:r.../.............W.........[E.<m6Rw.]7..i >.........Y...A..Eo......F.0.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8f55c266ff3844ba_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	76304
Entropy (8bit):	6.031404191899428
Encrypted:	false
SSDEEP:	1536:25aLLDE576VoXpel2+Y+XKl+QBxl5snc9nNvu:2yDE576VoX6g+XKnF2c9nE
MD5:	817A8DBE6E21F0AF49A78A88C08274C4
SHA1:	6CACBC43D269048E218F576C517958FC3C5324FF
SHA-256:	AFF59D2B964C9285987B0473FDA961D14DEB70173AE24C1B1DFB1E0798736771
SHA-512:	6A231F08EA005266521D11AE14868FAD3C1AC3A23B3B26DE8E1D55B465642977490A80B4F60B13AE41CD613CFD91CAC00100F60D848D97F00F5759F5870CA15C
Malicious:	false
Reputation:	low
Preview:	0\r..m......@.....XZ....597BA4459BADDBB531E88A640DC60B7D20A8A5A8FC903D1B32289B05CE731872..............'......O.....(......................l...........................................................D........................................(S.D..`B.....L`.....(S.a..`\|.....L`b....}.Rc............T.....Qb.M.b....l.....Qb.......q.....Qbnn......r.....QbN$.N....t.....R....Qb........v.....Qbf.......w.....Qb.^.j....x.....Qb2.......y.....Qb.@......z.....Qb.5......A.....Qb..\|....D.....Qb"..6....C.....Qb.......B.....Qb...C....E.....Qb.......F.....Qb..?.....H.....QbzT5.....G.....Qb..zI....I.....Qb..P.....J.....Qb.e......K.....Qb.......L.....Qb........N.....Qb..w.....O.....Qb~......P.....Qb..].....M.....Qb../....ca....Qb.I......da....Qb.Q.d....Q.....Qb.P......S.....Qb..S.....R.....Qbn.......fa....Qb.5.V....U.....Qb........ea....Qb.......T.....Qb&.e.....V.....Qb........W.....Qb^.5....Z.....QbJaxl....Y.....Qb...K....X.....Qb.Z......aa....Qbz..e....ba........................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\93801eaeb49cb205_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	251
Entropy (8bit):	5.553124441519404
Encrypted:	false
SSDEEP:	6:mgx9YoDaZC1HEHIrDXtefWloFjuCyoVtxav9wHr4IUJhK6t:N/2ZCRwjaDgtxywLDg7
MD5:	D310211F0B784716A1B758FEEDB3FE3F
SHA1:	9B0CAE0D0E0D718248F78A720656D7CB32ACA4BE
SHA-256:	69E349247977645325DFBB11C4E74E66FE507C1F8D2F2EDD90559473C808D8E9
SHA-512:	3DBC4D05CBA9C3D86A47E4E0013A73256097B7D33A54001C49215115E7C9225D76670156F48D11754EF018A4E7986BE8BFD0E4434DA444EC380AB0634C88F646
Malicious:	false
Reputation:	low
Preview:	0\r..m......w...=p....._keyhttps://pagead2.googlesyndication.com/pagead/js/r20210113/r20110914/elements/html/omrhp.js .https://translate.goog/....../.....................n..W"......."....P+<%.\|.#..Q.....A..Eo......F............A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\93d183b5c552dedd_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	230
Entropy (8bit):	5.61323994225711
Encrypted:	false
SSDEEP:	6:mV+YGLSmXZCtTTipEjuCfCtgPiY/PlEllhK6t:Ow4TipEaZYy7
MD5:	0A0C5C16FCB2464A4F6163B9F7646782
SHA1:	95058C5623345CBCDFE3F292BEA516840DB39503
SHA-256:	3F5E3E9A21AF73E5938251D86905A6EF36F8A058E19A42D4D6F3A4B3EBCAEE79
SHA-512:	DBDD26E699E3E80345753707DD101715E90964AECC7D9681763C4B7C7F97443820FEEC96EA6DB5C5E345C87E830F1B7A2741464775A8FF0498C1CE4929C05790
Malicious:	false
Reputation:	low
Preview:	0\r..m......b.....Dw...._keyhttps://www.googletagmanager.com/gtag/js?id=UA-48213762-2&l=dataLayer .https://translate.goog/K.v.../.....................2\.A.1<9..j^n..9h(&...qm.;...A..Eo..................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\983819d23cf8e8eb_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	348
Entropy (8bit):	5.762297592457443
Encrypted:	false
SSDEEP:	6:mKYGLOLJrdEAKPiwG2cfMhWI+cFUVdE4Ls/8uCv1166M4xPm47u/lbK6t:K1rKqwG2cfVbcEEywtc3McPmJlN
MD5:	95DD00241EB483210BDDE2BAB5C497FB
SHA1:	1F80E7BD691EB9C97108484E0AC3E06341D6C4DF
SHA-256:	AB3CFE7AF3E264B7D4F39A4122B1C7588D98920D8324D938B99DD86FCE7349CB
SHA-512:	4F1A4C960BAF0CD2821BDE4C216FC118F4E50A28CF14B383F570C19C574DDCEFF8E4A9BF82E39C5E9C2B90A06E88F5602071EAD73110E8747388BD7DCD464F97
Malicious:	false
Reputation:	low
Preview:	0\r..m..........}.&C...._keyhttps://www.spark.co.nz/content/dam/telecomcms/dtm/3ab3370ddaf0/bc5880d35c57/4db2e0cdbd4d/hostedLibFiles/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement_Module_AudienceManagement.min.js .https://translate.goog/..,.../...................~.!...6~..M.Ef..$ov.s...e..{....A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9a0b15f197ea8065_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	245
Entropy (8bit):	5.393214389253645
Encrypted:	false
SSDEEP:	6:miYY8uCXHXOCFRGQAlISuCinjCfJTpLljbK6t:NG3VfPIcfGfJTpLNN
MD5:	91618D78479F773DFF888F048C1A1B63
SHA1:	2E1DC922B24B77B232007ECD3E834DEC7F47D380
SHA-256:	B2AE3C84E8854CF3649F8137D875813EF4C58D17AC2E113BB8F9A4A0F80934F4
SHA-512:	31AC8816D6F60D9F52BD14DF466FFF5CDC144D0ED770A446B27B8BB91F8396CFFCE3CB2DB65488BBA2349DA1A83951AD7773C48A63193705102768DF7A181E68
Malicious:	false
Reputation:	low
Preview:	0\r..m......q...N......_keyhttps://translate.googleapis.com/element/TE_20201130_00/e/js/element/element_main.js .https://translate.goog/8...../............._.......FC..x.F.-.."M.E...IYEz,c.~h....,.A..Eo.......s+p.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a2ece3c35496c063_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	227
Entropy (8bit):	5.465973823998472
Encrypted:	false
SSDEEP:	6:mYyVYGLOLJrbzKuKS7M8uC8dwQnbEkiqJd/m4rmY/hK6t:FR1rbzHP7mrJ7JdjmYT
MD5:	AF4A42D0E0386CDB392FBC60F962B3B3
SHA1:	DC6AF0B74475E82FC81AAF26D820FCC782DD4143
SHA-256:	51496092A9A41296B950A2353D05C2B5D6AC63A4CD6515CAB10F6E8351A47ECD
SHA-512:	1EA3F79009C3BDDD8C097C81FCB4BFA114E51674E70AD761C4798026628302BE491DCFD55DBA225AC693A2CEE9A3F33ADDC9A7E169109795F8B46F6606214A13
Malicious:	false
Reputation:	low
Preview:	0\r..m......_....&.?...._keyhttps://www.spark.co.nz/etc.clientlibs/clientlibs/granite/utils.js .https://translate.goog/.V..../.......................eg6...J....u.3.@.Wx......T"/.x.A..Eo......8V..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a3a6faa4a8999070_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	264
Entropy (8bit):	5.634543232278228
Encrypted:	false
SSDEEP:	6:m2nYGLOLJrdEAKPu4ajuCKo7oPR5B9LrOEK6t:ve1rK1L0mR
MD5:	FCA7F815FEBDFC327C593F683C9E4455
SHA1:	A22B96824C00B00617A2D8EC29698CF4E71830ED
SHA-256:	5392449E1B6D8A7347F63D866034EBF2AFBB30BB6CD52D7C09305FA554867C95
SHA-512:	EC3160D851A92D92B8DFA9A305204AD9A575CDA7805A6904E403AD9BD5E70AB0CB6FE0A2CAC01C6528FCF79C33C936A817336C6E80DD1CC3A66A86CC708C39A3
Malicious:	false
Reputation:	low
Preview:	0\r..m...........4......_keyhttps://www.spark.co.nz/content/dam/telecomcms/dtm/3ab3370ddaf0/bc5880d35c57/launch-4c20c4466aca.min.js .https://translate.goog/z%..../......................j$.\C9<,..{hr~q.J4.?.[..pN...4.A..Eo......b..S.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a5df18d76cc55c34_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	236008
Entropy (8bit):	5.959407851233371
Encrypted:	false
SSDEEP:	3072:Qf8ulXIY6ofRqBCbRX9+q92wrpxyk+tiD33WgcqUQF7jHOpPGU+chmL/:Qx1fEBcRX9+9w75/B5qpPZ+yo
MD5:	DF175AB85F42841A39CCDE88C0795352
SHA1:	FE745C9BC2A8618F3A16192C925C69319F68E368
SHA-256:	0B1E825A09406CDEAF902270F717301C4E5AE3EEF12A8AC71EF997C0BF190F86
SHA-512:	F65D9AC351B3C3B22A14EAF59206440AEA9D967F0BEA5DBA77E85A6F9325DE28146420A306156BA9AC29D43307217FFB26E0398BCD0D8D140476E6E6D8F5B513
Malicious:	false
Reputation:	low
Preview:	0\r..m......@....Y.=....DF74C45721AE1C7EC52E5614C2D73AADF827AB845FE7D4A8F710DA51CDFC61C7..............'..-....OA..........................`...p...............h...L.......................h.......................x...<...................................l............................................................................................................................................(S.<..`2.....L`.....(S...a..`\|J.....q.L`4........Rc............`............M.....Qb.^.j....x.....Qb^.5....Z.....Qb........N.....Qb2.......y.....Qb...K....X.....Qb.E.L....Gx....Qb..(.....IB....Qb..=.....TY....Qb...D....sq....Qb..ZI....I4....Qb"v......CC....Qb........Zx....QbB.E!....Rq....Qb........kH....Qb.se-....Xw....Qb..2....ss....Qb........Fw....Qb.4.o....K4....QbJ.......Li....Qb.(j<....H6....Qbj..D....Oj....Qb.P......y5....Qb..;....pD....R....Qb.......vS....Qbj.......gU....Qb.f......H1....Qb.......Tf....Qb..V.....Aw....Qb:9......fY....Qb........YN....Qbv.K.....ad....Qbb.......W6....Qb.Z.h..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\adbe09887b56b9f7_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	216
Entropy (8bit):	5.4332422178623485
Encrypted:	false
SSDEEP:	6:mvXXY+PW/ULMdaNySYVt6UXKY9r69kAvylnK6t:+wrUWzxRMpy/
MD5:	A2023084B0C5945F8508046AD5FFD9D0
SHA1:	6FEB11D91CD6C2C1D4AD2D0526390E640D4C617C
SHA-256:	8EF998F1A19CA8F5DE36900DB963BE78A814E6DC72BCC282A59B5424EB6819CC
SHA-512:	3D39D33CABBC4D5D877AA08E295E51F2144C920B700B51BCC590B49A428239232F3F176BCFEEB874282D6F773FCF9EFEE035918FDE66037437E654A368F8B6F6
Malicious:	false
Reputation:	low
Preview:	0\r..m......T...k..S...._keyhttps://snap.licdn.com/li.lms-analytics/insight.min.js .https://doubleclick.net/....../.............z........n.+Y..d/..V}Ln...KAK...`.5.].@.A..Eo........W..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b2884e403d688bd1_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	228
Entropy (8bit):	5.485731480267829
Encrypted:	false
SSDEEP:	6:mON/6EYGLOLJrbzKuKSNWFVtuCy1Y4tz7n7Q/lbK6t:HG1rbzHPEFaK4N7cr
MD5:	BA13D19083E4DD155FA51140DF4025D0
SHA1:	CD3BADBF931B3F10A49FE57DE5E128F37564B656
SHA-256:	2FA1000DA2A3A03DCB9CF1B38C6544BF4FDB23BF2AF16ACEF16778AC498EDD35
SHA-512:	3347136A890A953836441B3158359E974F4F948A4C5B1EF7BBC20A22E7EDEFD643BA024BC15A8131D1E12973B71458EFDD6D2C568AABEF1E5B03380ECDA3C759
Malicious:	false
Reputation:	low
Preview:	0\r..m......`...\|j......_keyhttps://www.spark.co.nz/etc.clientlibs/clientlibs/granite/jquery.js .https://translate.goog/...../.....................!....X..S...:...g....\|#j....F.9.A..Eo.........!.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b4c9613f6068be0f_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	231
Entropy (8bit):	5.450415532162781
Encrypted:	false
SSDEEP:	6:m6YGLOLJrbzKWQiC6K8QuCXobQCLaNdA2K6t:61rbzBBhWnN
MD5:	ED5E1F4472438D999B4CBC4CBAE24AE2
SHA1:	9DF8F2819C9679272B8D5A430A2EE6B29AEE7FDF
SHA-256:	AD08E720E357C67B7EA166576313A076A4AB04BCF3240008C29B071DC068F9C2
SHA-512:	7140A799CF81929CCCDBECB9A0F5968D30468579E6898B270E965450B791D0A7681E1EF1CF960A59D0BA637A17296619457DA7AED501BC376D77F74EC02A5EF1
Malicious:	false
Reputation:	low
Preview:	0\r..m......c....2.y...._keyhttps://www.spark.co.nz/etc.clientlibs/foundation/clientlibs/shared.js .https://translate.goog/...../.....................J.:Rz"....q.~hm..&k.W..;.j.0....A..Eo.........C.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b7f216b600de166a_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	299
Entropy (8bit):	5.637561151998323
Encrypted:	false
SSDEEP:	6:mQyYGLOLJrdEAKPiwGQtdQCjvT6/sa0uCn6ew2bO4Uq/dlK6t:9R1rKqwGQthzGneyVqF/
MD5:	8773CF96D9A03736E694C1B6D30B5237
SHA1:	901B77D37843642B5641CA6BA3285FAE7663669B
SHA-256:	F66E19B2EEF470F481AFBB0CAC11DCE1CA8582A19DAF88AB58B24CEE4E6ADA3D
SHA-512:	0CB5CC5C062E33DD9B8415133878024FDA8DF031447E28CBA9360DF1F51F1FAF58E0FF90D9355AE190FFB4A67BCBE785594B937FCC08ADA398CA98189FE13943
Malicious:	false
Reputation:	low
Preview:	0\r..m..........7.~_...._keyhttps://www.spark.co.nz/content/dam/telecomcms/dtm/3ab3370ddaf0/bc5880d35c57/4db2e0cdbd4d/RC87ec4858844c410aa29858856ca1c79c-source.min.js .https://translate.goog/.p7.../.............7........nV.*.Zq.V\|..\...7.A..vu...."K.A..Eo......a...........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bd2a7ecea3be0853_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	215
Entropy (8bit):	5.559097210795935
Encrypted:	false
SSDEEP:	3:m+lx8dA8RzYkvLl6IVIYGP+WFvDtSpJMBy+flHC21nObDTCJK5jKoyRmELhtlpK+:ms4YkvLlpZU+WjSYM21mDt5WvASK6t
MD5:	E00E735CF494D42019BCF91A77CEA859
SHA1:	312FC02C5B37F07104041DCFE4B50C55CC206F70
SHA-256:	1A2B4F19187E9A39D857CADF84F393DCA9827644A1F3FF9AC5405D46E6DA50F7
SHA-512:	D6943C20F26333215B47EEEC0478137E00A1A7F4386A7A0CDC455099AB51B69B4E2B16C8237AB46AF2727DE745E912F3E3156C2F2F8DA99BEE3E58B586158B68
Malicious:	false
Reputation:	low
Preview:	0\r..m......S...EI.r...._keyhttps://rules.quantcount.com/rules-p-Jj-dsf1RefZer.js .https://doubleclick.net/.X..../............._.........A7...'.`.P.)3.x..].w...C..h...A..Eo...................A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bf31fe0f587e6b42_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	225
Entropy (8bit):	5.483796984899778
Encrypted:	false
SSDEEP:	6:m2VYGLOLJrdEAKlMn7uCYyaKN/OWg6W1nCbK6t:q1rKlMiU26W1CN
MD5:	1685590BE06FE27798CCEF9FE63F5995
SHA1:	221DC0B5065DBC174C3CF0965EE0D7AD0392B393
SHA-256:	44DCE10A4DFFD9B6514D02ECB7C4916B76B6F1C929BECDDB8B6E00D37D690BF2
SHA-512:	603720822DEE9F60AEE69A83F54983986BFE1610D95F6EA4988942448DA0E371AAEAE5CC32AB4E90F5F817C6281C8F06BAB517DB34D5D50046B16561DC96E0E0
Malicious:	false
Reputation:	low
Preview:	0\r..m......].........._keyhttps://www.spark.co.nz/content/dam/kb/public/libs/gwc-config.js .https://translate.goog/Q...../......................h......,.......,ra-I....m_.L.A..Eo......v.GY.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cf4e4ce2f684870b_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	203
Entropy (8bit):	5.365222770339088
Encrypted:	false
SSDEEP:	6:mwyYg4OGTCX8n07uCsrM08isykt9hb

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://tzkyr6v7mululglgonj2qs4pae--www-spark-co-nz.translate.goog/

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files